Cyber Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; President and CEO: Toshihiro Koike; hereinafter referred to as "the Company"), a global security company, is pleased to announce that it has updated the features of its WAF automatic operation service, WafCharm, strengthening its defense functions and adding a new "dashboard analysis function."

As cloud computing advances rapidly, the number of companies using public cloud services, including AWS, is increasing year by year. At the same time, cyber attacks are also on the rise, making it urgent for companies to strengthen security, including in their cloud environments. To prevent incidents caused by cyber attacks, many companies that use public cloud services are introducing WAFs (Web Application Firewalls) provided by public cloud vendors, such as AWS WAF.
However, the WAFs provided by public cloud vendors require each company to update and customize rules to suit their own environment. As a result, many companies are left feeling their way through WAF operations due to a lack of security specialists, and many companies are faced with the challenge of manually adding blacklists, which takes a lot of time and effort. In addition, many companies do not fully understand the effectiveness or detection status of WAFs.
To address these issues, we have been developing and providing the WAF automated operation service "WafCharm" since 2017. Now, to further resolve issues in WAF operation, we have significantly enhanced the functionality of "WafCharm."
In this update, we have significantly expanded our defense capabilities, and now we can not only respond to general threats and vulnerabilities in individual environments, but also mitigate DDoS attacks and deal with threats caused by malicious bots. In addition, we have added a new dashboard analysis function that allows you to easily understand the detection status and security threats. This function allows users to easily understand their company's security status and can also be used to plan long-term security strategies.
We will continue to strive to improve our services to meet the diverse needs of our customers.

■ Strengthening defense functions

To maximize the use of public cloud WAF, we have significantly strengthened the defense functions of "WafCharm". While maintaining existing functions such as threat prevention rules for OWASP Top 10 and tamper detection functions, we have added new functions.
As a new feature, IP rules, GEO rules, and rate-based rules can now be centrally configured and managed within WafCharm. By utilizing these rules, you can restrict access from specific IP addresses, countries/regions, and large amounts of access in a short period of time. By combining these rules, you can effectively mitigate attacks that send large amounts of access, such as DDoS attacks.
In addition, a new Bot Control function has been implemented, making it possible to identify and block malicious bots. By utilizing the Bot Control function, it is possible to prevent fraudulent transactions and service interruptions on e-commerce sites, improving the safety of services and sites. (*1)

For more information about defense functions, please click here: https://wafcharm.com/jp/functions/

■About the new "Dashboard Analysis Function" (※1)
We have added a new function, "Dashboard Analysis Function," to visualize the WAF detection status and make it easier to understand security threats.
The new dashboard allows you to easily check important information about unauthorized access and cyber attacks, such as the percentage of rules that detected attacks, the country/region or IP address from which the access originated, the path from which the access was made, etc. By checking the dashboard, you can understand at a glance the type, frequency, and trends of the attacks and threats you are facing, without having to perform complex analysis.
In addition, a new log search function has been added that allows for more detailed analysis of security threats. WAF logs can be easily analyzed by narrowing down the results by combining conditions such as time period and accessed paths. The log search function eliminates the need to download huge volumes of WAF logs stored in services such as Amazon S3 and analyze them one by one, greatly improving the efficiency of log analysis.
In addition, when a false positive or problem occurs, the log search function can be used to quickly identify the cause, shortening the time it takes to resolve the problem.

For more information about the dashboard analysis function, please click here: https://wafcharm.com/jp/functions/#dashboard

■About WafCharm
The WAF automation service "WafCharm" is a service that automates the operation of WAFs provided on public clouds. It is compatible with the three major cloud platforms (*2): AWS, Azure, and Google Cloud.
By introducing WafCharm, you can automatically apply rules optimized for each individual environment. In addition, you can leave complex tasks such as customizing and adding rules to WafCharm, and the function of automatically updating the blacklist using WAF logs and our unique detection data eliminates the need for manual blacklist additions. WAF can be configured and operated even if you do not have in-house security personnel.
In addition, technical support is provided 24 hours a day, 365 days a year, so you can rest assured even in the unlikely event of a false positive or other problem.
WafCharm can significantly reduce the amount of work required to operate a public cloud WAF, contributing to the realization of efficient security management.

"WafCharm" service site: https://www.wafcharm.com/jp/

*1 This new feature is only available in AWS environments.
*2 Source: Canalys "Canalys Newsroom- Global cloud services spend hits record US$49.4 billion in Q3 2021"

About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kami-Osaki, Shinagawa-ku, Tokyo
Representative: Toshihiro Koike Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp/
With the vision of "creating a cyberspace that people all over the world can use safely and securely," we are a Japanese security manufacturer that provides vulnerability information collection and management tools and fully managed security services for cloud environments, centered on web application security services that make full use of the world's leading cyber threat intelligence. As one of the global companies in cybersecurity, we will contribute to solving social issues related to cybersecurity and provide added value to society.